How to block ransomware?

by Stephane

Stopping ransomware and other malware

Ransomware is malware that encrypts your data in exchange for a ransom (details here: https: //www.altospam.com/actualite/2014/07/piratage-vos-donnees-prises-en-otage-contre-rancon/ ), and is often spread via e-mail for reasons of rapid propagation. Most of these ransomwares are polymorphic malwares, and their codes change very regularly, making the task of standard antivirus software very complex.

There is often a signature race between new ransomware and antivirus products. Ransomware wants to be very fast, to spread very quickly before antivirus software can identify it, produce an associated signature and distribute it via updates. Antivirus software is therefore always late when a new strain of virus is released. However, by using several anti-virus bases, the effect is lessened, as you benefit from the feedback of the fastest anti-virus laboratory. However, it is necessary to use technologies other than signature-based antivirus to block all ransomware from the very start of the attack, before it becomes known.

In addition to Altospam’s 6 built-in antivirus programs, we also use other technologies. The simplest is to refuse certain types of file, whether directly in email attachments or compressed into an attached file. The list of extensions refused by Altospam can be found here: http: //altospam.com/actualite/2015/02/fichiers-bloques-par-altospam/. Spam filters in themselves block unsolicited e-mails, and therefore those containing unknown ransomware. But above all, the following 4 innovative technologies integrated into Altospam make it possible to offer an extremely high-performance service: analysis of suspicious files, file signature analysis (via a meta-repository including 57 antiviruses), on-the-fly macro analysis (static sandbox to detect abnormal behavior) and detection by file matching with known ransomware.

To protect our own development work, we won’t go into detail about these technologies in this article, but our support team will be happy to provide further information to customers on request.

To prove the effectiveness of our solution in the face of today’s waves of attacks, the easiest way is to test our email security software in real life. Test Altospam here: https: //www.altospam.com/fr/test-gratuit.php

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …